[blfs-dev] Upcoming BLFS-7.5 release

Armin K. krejzi at email.com
Wed Mar 5 18:31:37 PST 2014


On 03/06/2014 02:49 AM, Ken Moffat wrote:
> On Wed, Mar 05, 2014 at 11:03:15PM +0000, Ken Moffat wrote:
>>
>>  Those who are able to read https://lwn.net/Articles/589291/ (might
>> be subscriber-only for the next 2 weeks, I'm not sure) will see from
>> nix's comment that there is already a second "fix" version of gnutls
>> (perhaps the first will be fine for BLFS), and _apparently_ it needs
>> a new version of p11-kit.
>>
>>  My gut feeling is that we should get the current book out the door,
>> but continue to recommend that people use the development version of
>> the book.
> 
>  For anyone who wasn't aware of this vulnerability (I suspect that
> in this case I'm behind the curve, and you've probably all already
> fixed your own affected systems), 3.2.12.1 builds with the current
> instructions, and links to the book's current version of p11-kit.
> The timings for make check and for rebuilding the docs are, however,
> quite different on my machine.  I'll put it in the book when svn is
> open, and then do a chroot gnome build to try to spot anything which
> fails to build.
> 
>  What I can't do at the moment is confirm what uses this.  I suspect
> that it is dynamically loaded when https:// has to be negotiated.
> Can somebody remind me, please, of the package which identifies
> dynamically loaded libraries ?  I think Igor mentioned it a while
> back, and I'm fairly sure that Fernando showed some output from it,
> but I can't find it in my notes.  Thanks.
> 
> ĸen
> 

For your information, this is list of executables and libraries that's
linked to libgnutls.so.28 on my system:

/usr/bin/gnutls-serv
/usr/bin/gvnccapture
/usr/bin/gnutls-cli-debug
/usr/bin/p11tool
/usr/bin/crywrap
/usr/bin/certtool
/usr/bin/ocsptool
/usr/bin/danetool
/usr/bin/srptool
/usr/bin/psktool
/usr/bin/gnutls-cli
/usr/lib/libgvnc-1.0.so.0.0.1
/usr/lib/libgtk-vnc-2.0.so.0.0.2
/usr/lib/libavformat.so.55.19.104
/usr/lib/samba/libauthkrb5.so
/usr/lib/gstreamer-1.0/libgstfragmented.so
/usr/lib/gio/modules/libgiognutls.so
/usr/lib/libgnutls-openssl.so.27.0.2
/usr/lib/libgnutls-xssl.so.0.0.0
/usr/lib/vlc/plugins/misc/libgnutls_plugin.so
/usr/lib/libgvncpulse-1.0.so.0.0.1
/usr/lib/libgnutlsxx.so.28.1.0
/usr/lib32/libgnutls-openssl.so.27.0.2
/usr/lib32/libgnutls-xssl.so.0.0.0
/usr/lib32/libgnutlsxx.so.28.1.0

Most of these are actually executables and libraries installed by gnutls
package itself. Others include glib-networking, which is glib's tls
implementation and any GTK+/GLib app that uses TLS is actually using
GnuTLS (including epiphany), gtk-vnc, ffmpeg, samba, vlc,
gstreamer-plugins-notsure-1.0.

-- 
Note: My last name is not Krejzi.



More information about the blfs-dev mailing list